Privacy & GDPR Policy
Introduction
Refix is committed to protecting the privacy and security of our users’ data. This policy outlines our practices and commitments in relation to data protection and privacy, in compliance with the General Data Protection Regulation (GDPR).
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation enacted by the European Union (EU) that requires organizations to safeguard personal data and uphold the privacy rights of individuals in EU territory.
Refix’s GDPR Compliance
Refix is fully compliant with the GDPR framework. We are committed to:
- Minimizing data collection
- Ensuring data security
- Respecting user privacy
- Providing transparency in our data practices
Refix as a Data Controller
Refix acts as a Data Controller for the personal information provided by our customers to use our service (e.g., registration information). We do not sell personal data to third parties or use it for marketing purposes without explicit consent.
Refix as a Data Processor
When our customers use Refix to collect data about their website visitors, Refix acts as a Data Processor. We process this data according to our customers’ instructions and in compliance with GDPR. We use as minimal amount of sub-processors as possible. Here is the full list:
| Service | Usage | GDPR Compliance |
|---|---|---|
| Stripe | Payment processing and subscription management | Learn more |
| Clerk | User authentication and management | Learn more |
| Loops | Email communication and marketing automation | Learn more |
Data We Collect
We collect minimal data to provide our service effectively:
| Data Point | Description |
|---|---|
| Unique user identifier | A randomly generated ID stored locally in the user’s browser to distinguish individual visitors anonymously. |
| Page views | URLs of pages visited |
| Referrer | The source of the visit |
| Device information | Browser, operating system, screen width and device type |
| Location | The user’s country, inferred from their browser’s timezone setting. No IP addresses are collected or used. |
Data Storage and Security
- All data is encrypted and stored on servers located within the European Union.
- We use industry-standard security measures to protect your data.
- We regularly perform backups to prevent data loss.
User Rights
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate personal data
- Erase your personal data
- Restrict or object to processing
- Data portability
To exercise these rights, please contact us at hey@refix.ai.
Data Retention
We retain data only for as long as necessary to provide our service and comply with legal obligations. Users can request deletion of their data at any time.
Google User Data Policy Addendum
Google User Data Access
Our application accesses the following Google user data through the Google Analytics API:
- Google Analytics reports, metrics, and dimensions
- Google Analytics account and property information
- View (profile) data and report configurations
We access this data only after you have explicitly granted permission through Google’s OAuth 2.0 authentication process for the following scopes:
analytics.readonly
Use of Google User Data
Refix uses Google Analytics data solely for the following purposes:
- Providing insights and analytics about your application performance
- Displaying your Google Analytics data within our platform for your analysis
- Generating recommendations and growth opportunities based on your analytics data
- Powering our AI agent that performs deep dives on your Google Analytics data
We process this data temporarily in memory to generate insights. We do not store, cache, or copy any Google Analytics data to our databases. All analysis is performed through direct API calls with your provided OAuth tokens.
Sharing Google User Data
Refix does not share, transfer, or disclose your Google user data with any third parties.
We do not:
- Sell Google user data to third parties
- Use Google user data for advertising purposes
- Transfer Google user data to data brokers
- Combine Google user data with other datasets in ways that would reduce user privacy or control
Revoking Access
You can revoke Refix’s access to your Google Analytics data at any time by either:
Method 1: Through Google Account Settings
- Visiting Google Account Settings
- Selecting Refix from the list of connected applications
- Clicking “Remove Access”
Method 2: Through Refix Platform
- Logging into your Refix account
- Navigating to the “Integrations” tab
- Finding the Google Analytics integration
- Clicking “Disconnect” or “Remove Access”
Upon revocation through either method, we will immediately cease accessing your Google Analytics data and delete any cached credentials.
Changes to This Policy
We may update this policy from time to time. We will notify users of any significant changes.
Contact Us
If you have any questions about this policy or our data practices, please contact us at:
Email: hey@refix.ai
Last updated: 1st August 2024